Rapid7 Vulnerability & Exploit Database

RHSA-2013:1307: php53 security, bug fix and enhancement update

RHSA-2013:1307: php53 security, bug fix and enhancement update

Severity

10

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

07/20/2012

Created

07/25/2018

Added

10/03/2013

Modified

07/04/2017

Description

PHP is an HTML-embedded scripting language commonly used with the ApacheHTTP Server.It was found that PHP did not properly handle file names with a NULLcharacter. A remote attacker could possibly use this flaw to make a PHPscript access unexpected files and bypass intended file system accessrestrictions. (CVE-2006-7243)It was found that PHP did not check for carriage returns in HTTP headers,allowing intended HTTP response splitting protections to be bypassed.Depending on the web browser the victim is using, a remote attacker coulduse this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)A flaw was found in PHP's SSL client's hostname identity check whenhandling certificates that contain hostnames with NULL bytes. If anattacker was able to get a carefully crafted certificate signed by atrusted Certificate Authority, the attacker could use the certificate toconduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248)An integer signedness issue, leading to a heap-based buffer underflow, wasfound in the PHP scandir() function. If a remote attacker could upload anexcessively large number of files to a directory the scandir() functionruns on, it could cause the PHP interpreter to crash or, possibly, executearbitrary code. (CVE-2012-2688)It was found that PHP did not correctly handle the magic_quotes_gpcconfiguration directive. This could result in magic_quotes_gpc inputescaping not being applied in all cases, possibly making it easier for aremote attacker to perform SQL injection attacks. (CVE-2012-0831)It was found that the PHP SOAP parser allowed the expansion of external XMLentities during SOAP message parsing. A remote attacker could possibly usethis flaw to read arbitrary files that are accessible to a PHP applicationusing a SOAP extension. (CVE-2013-1643)These updated php53 packages also include numerous bug fixes andenhancements. Space precludes documenting all of these changes in thisadvisory. Users are directed to the Red Hat Enterprise Linux 5.10 TechnicalNotes, linked to in the References, for information on the most significantof these changes.All PHP users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues and add thisenhancement. After installing the updated packages, the httpd daemon mustbe restarted for the update to take effect.

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.